diff --git a/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
index 023cf8e53bcc8f531227ef6a20beb1adba4b01e5..fe9b62eba166406474edd9d673531191cdcc60ce 100644
--- a/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
@@ -7,6 +7,7 @@
namespace Drupal\simpletest;
+use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\Random;
use Drupal\Core\Database\Database;
use Drupal\Component\Utility\String;
@@ -189,6 +190,11 @@ abstract class TestBase {
*/
protected $randomGenerator;
+ /**
+ * The name of the session cookie.
+ */
+ protected $originalSessionName;
+
/**
* Constructor for Test.
*
@@ -1029,8 +1035,17 @@ private function prepareEnvironment() {
$this->originalProfile = drupal_get_profile();
$this->originalUser = isset($user) ? clone $user : NULL;
- // Ensure that the current session is not changed by the new environment.
- \Drupal::service('session_manager')->disable();
+ // Prevent that session data is leaked into the UI test runner by closing
+ // the session and then setting the session-name (i.e. the name of the
+ // session cookie) to a random value. If a test starts a new session, then
+ // it will be associated with a different session-name. After the test-run
+ // it can be safely destroyed.
+ // @see TestBase::restoreEnvironment()
+ if (PHP_SAPI != 'cli' && session_status() == PHP_SESSION_ACTIVE) {
+ session_write_close();
+ }
+ $this->originalSessionName = session_name();
+ session_name('SIMPLETEST' . Crypt::randomBytesBase64());
// Save and clean the shutdown callbacks array because it is static cached
// and will be changed by the test run. Otherwise it will contain callbacks
@@ -1145,6 +1160,15 @@ protected function tearDown() {
* @see TestBase::prepareEnvironment()
*/
private function restoreEnvironment() {
+ // Destroy the session if one was started during the test-run.
+ $_SESSION = array();
+ if (PHP_SAPI != 'cli' && session_status() == PHP_SESSION_ACTIVE) {
+ session_destroy();
+ $params = session_get_cookie_params();
+ setcookie(session_name(), '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
+ }
+ session_name($this->originalSessionName);
+
// Reset all static variables.
// Unsetting static variables will potentially invoke destruct methods,
// which might call into functions that prime statics and caches again.
@@ -1230,7 +1254,6 @@ private function restoreEnvironment() {
// Restore original user session.
$this->container->set('current_user', $this->originalUser);
- \Drupal::service('session_manager')->enable();
}
/**
diff --git a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
index a120883ac2e38732b4b67d31d0f9302a9cf8eb2a..82e37e44c9364b9006405c627be8cb49127b91c0 100644
--- a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
@@ -776,6 +776,16 @@ protected function drupalLogout() {
}
}
+ /**
+ * Return the session name in use on the child site.
+ *
+ * @return string
+ * The name of the session cookie.
+ */
+ public function getSessionName() {
+ return $this->session_name;
+ }
+
/**
* Sets up a Drupal site for running functional and integration tests.
*
@@ -807,6 +817,12 @@ protected function setUp() {
'pass_raw' => $this->randomName(),
));
+ // The simpletest child site currently uses the same session name as the
+ // execution environment.
+ // @todo: Introduce a setting such that the session name can be customized
+ // for the child site.
+ $this->session_name = $this->originalSessionName;
+
// Reset the static batch to remove Simpletest's batch operations.
$batch = &batch_get();
$batch = array();
@@ -1107,7 +1123,6 @@ protected function rebuildContainer($environment = 'prod') {
else {
$this->container->get('request_stack')->push($request);
}
- $this->container->get('current_user')->setAccount(\Drupal::currentUser());
// The request context is normally set by the router_listener from within
// its KernelEvents::REQUEST listener. In the simpletest parent site this
@@ -1224,9 +1239,6 @@ protected function curlInitialize() {
if (!$result) {
throw new \UnexpectedValueException('One or more cURL options could not be set.');
}
-
- // By default, the child session name should be the same as the parent.
- $this->session_name = session_name();
}
// We set the user agent header on each request so as to use the current
// time and a new uniqid.
diff --git a/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php b/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
index a9c709c1ae5fe707e29a1c709010752c81bfc723..cc753b6e6d09acd92ff5aa601f8e8ff805c88091 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
@@ -40,12 +40,12 @@ public function setUp() {
protected function testHttpsSession() {
if ($this->request->isSecure()) {
- $secure_session_name = session_name();
- $insecure_session_name = substr(session_name(), 1);
+ $secure_session_name = $this->getSessionName();
+ $insecure_session_name = substr($this->getSessionName(), 1);
}
else {
- $secure_session_name = 'S' . session_name();
- $insecure_session_name = session_name();
+ $secure_session_name = 'S' . $this->getSessionName();
+ $insecure_session_name = $this->getSessionName();
}
$user = $this->drupalCreateUser(array('access administration pages'));
@@ -124,8 +124,8 @@ protected function testMixedModeSslSession() {
return;
}
else {
- $secure_session_name = 'S' . session_name();
- $insecure_session_name = session_name();
+ $secure_session_name = 'S' . $this->getSessionName();
+ $insecure_session_name = $this->getSessionName();
}
// Enable secure pages.
@@ -231,12 +231,12 @@ protected function testMixedModeSslSession() {
*/
protected function testCsrfTokenWithMixedModeSsl() {
if ($this->request->isSecure()) {
- $secure_session_name = session_name();
- $insecure_session_name = substr(session_name(), 1);
+ $secure_session_name = $this->getSessionName();
+ $insecure_session_name = substr($this->getSessionName(), 1);
}
else {
- $secure_session_name = 'S' . session_name();
- $insecure_session_name = session_name();
+ $secure_session_name = 'S' . $this->getSessionName();
+ $insecure_session_name = $this->getSessionName();
}
// Enable mixed mode SSL.
diff --git a/core/modules/system/lib/Drupal/system/Tests/Session/SessionTest.php b/core/modules/system/lib/Drupal/system/Tests/Session/SessionTest.php
index 720f16fcfc8d5486d4b2918802ef705d2fdd2324..c64d1adae4d4040b39cfdf604a2695bef9283ff5 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Session/SessionTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Session/SessionTest.php
@@ -36,7 +36,7 @@ public static function getInfo() {
*/
function testSessionSaveRegenerate() {
$session_manager = $this->container->get('session_manager');
- $this->assertFalse($session_manager->isEnabled(), 'SessionManager->isEnabled() initially returns FALSE (in testing framework).');
+ $this->assertTrue($session_manager->isEnabled(), 'SessionManager->isEnabled() initially returns TRUE.');
$this->assertFalse($session_manager->disable()->isEnabled(), 'SessionManager->isEnabled() returns FALSE after disabling.');
$this->assertTrue($session_manager->enable()->isEnabled(), 'SessionManager->isEnabled() returns TRUE after enabling.');